What to check if you suspect you’ve been hacked

shopt -s direxpand

Renew Expired GPG key. GitHub Gist: instantly share code, notes, and snippets.

read -p "User: " user
wget https://www.dwservice.net/download/dwagent.sh
DISPLAY="" sudo bash dwagent.sh
sudo systemctl stop dwagent.service
sudo systemctl disable dwagent.service
cd ~
mkdir -p .config/systemd/user
cd .config/systemd/user/
sudo mv /etc/systemd/system/dwagent.service .
sudo chown $user:$user dwagent.service
sed -i 's/WantedBy=multi-user.target/WantedBy=default.target/' ~/.config/systemd/user/dwagent.service
sudo chown -R $user:$user/opt/dwagent
sudo loginctl enable-linger $user
systemctl --user enable dwagent
systemctl --user start dwagent
systemctl --user status dwagent

1. Get the current control_file location

SQL> show parameter control_files

NAME TYPE VALUE

control_files string /u01/oracle/dbaclass/control01.ctl

2. Set the new location of controfile:

SQL> alter system set control_files='/u03/oracle/dbaclass/control01.ctl' scope=spfile;

System altered.

3. start the database in nomount stage:

shutdown immediate;
startup nomount

4. Restore controlfile to new location:

RMAN> restore controlfile from '/u01/oracle/dbaclass/control01.ctl';

Starting restore at 13-JAN-19
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=2201 device type=DISK

channel ORA_DISK_1: copied control file copy
output file name=/u03/oracle/dbaclass/control01.ctl
Finished restore at 13-JAN-19

5. restart the database:

alter database mount;
alter database open;

6. Check the control_file again:

SQL> show parameter control_files

NAME TYPE VALUE

control_files string /u03/oracle/dbaclass/control01.ctl

Create a Dockerfile like this:

FROM your_image as initial
FROM your_image_base
COPY --from=initial / /

your_image_base should be something like 'alpine' - so the smallest image from which your image and its parents descend from.

Now build the image and check the history and size:

docker build -t your-image:2.0 .
docker image history your-image:2.0
docker image ls

./wlst.sh
You will get WLST prompt in offline mode, invoke the following command

wls:/offline> domain = "/opt/apps/user_projects/domains/domain_name"
Note: change the domain path if necessary

wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}WDhZb5/IP95P4eM8jwYITiZs01kawSeliV59aFog1jE=")
weblogic123
wls:/offline>

Pour eliminer le Privacy Protection executer les étapes suivantes :

1°)taskkill.exe /F /IM privacy.exe
2°)Telechargement de trojan-killer.net
3°)Executer un Scan trojan Killer

microdnf install -y openssh openssh-server openssh-clients initscripts wget passwd tar crontabs unzip bzip2
microdnf install -y hostname libaio
microdnf install -y glibc-*.i686 libgcc-*.i686 libstdc++-*.i686
microdnf install -y java
microdnf install -y ed vim sed tar which ncurses

microdnf install -y yum oracle-epel-release-el8
microdnf install -y ncurses-compat-libs
microdnf install -y screen rlwrap

yum config-manager --enable ol8_baseos_latest
yum config-manager --enable ol8_appstream
microdnf install -y oracle-database-preinstall-19c

check /etc/hosts with /etc/hostname: your hostname (like mypeoplesoft) should resolve only IPv4.

For full install of PeopleSoft (so with DB), check if you have more than 1G free RAM... if not, you can do that:
dd bs=1024 count=1M if=/dev/zero of=/swapfile
mkswap /swapfile
swapon /swapfile

Check if you have more than 2 or 3G free space for /tmp, if not ask more to IT.

go to DPK folder and:
cd setup
./psft-dpk-setup.sh # No args for full install